a method and an apparatus for handling the access to optional features in
optional features. 
METHOD AND APPARATUS FOR ACTIVATING PROGRAMS/FEATURES IN A COMPUTER

optional features in such systems.

In large computer systems, there is a need for vendors to offer optional
functions or features that can be made available to an operator if and when they are
paid for. In many cases the original order does not include these features. This
means that the additional order of such functions will result in a software delivery
procedure. The procedure to create the software package, deliver it to the customer
and upgrade the target system is costly and time consuming. Installation also
requires that the system be taken down while the software is installed.

Also the system management becomes increasingly difficult when new deliveries are 
made. 

Often customers want to test a feature over a period of time before deciding whether
or not to buy it. This normally requires test installation of programs.

One example of such a computer system is a modern digital telephone exchange. In
telephone exchanges it is particularly important to avoid service interrupts. Therefore,
there is a strong desire to be able to change the functionality of a telephone exchange
without having to take the exchange out of service.

One solution is to deliver a complete software system to the customer, but to activate
only the programs or features the customer has ordered. The other programs or
features could then be activated at a later date without new software installation.

and utilization of that software.

For licence management a solution known as hardware keys is often used, mostly by
vendors of personal computers (PCs). Hardware keys are delivered to the [...]
printer port. The delivered software comprises a unique built-in key [...]
hardware key, the software is in effect protected from unauthorized copying.

A method to prevent continued unauthorized use of protected software when a
testing time has elapsed is disclosed in US-A-5,014,234. A set of registration data
appended to a selected system file is employed instead of data being a part of the
[...] to be protected. When the proprietor of the protected software receives the
registration data, a "diffuse" number is generated from the software serial number
and returned to the user.

A method for protecting the distribution of computer programs within a broadcast
medium is disclosed in US-A-5,416,840. This means distributing a large number of
different software titles to a large number of potential customers, for instance on
CD-ROM. Each stored encrypted program has an associated identifier that may be
used to identify a selected program on the medium. The system has a decrypting
device which has an associated unique identifier.

Two tables are generated and stored. The first table includes the correlations
between the encryption key and the program identifier. The second table includes
correlations between a password key and the hardware identifier. When a user
selects a particular software program from the medium, a program identifier and a
hardware identifier are used to permit access to the selected program. In the
document it is foreseen that this will be associated with an obligation to pay for the
use of the program.

PCT/SE98/00948

WO 98/53384

The solutions described above may be used for complete tools and applications, but
are not implemented for special features within the applications.

Summary of the Invention 

Thus it is an object of the present invention to be able to extend the system
functionality, in particular in large computer systems, without the need for new
software deliveries.

It is another object of the invention to be able to discover any unauthorized use of 
features in the system without the use of additional hardware. 


It is yet another object of the invention to provide time-limited test licences of
applications or features without the need for new software deliveries.


These objects are achieved according to the invention by equipping the computer
system with an encrypting key, which may be unique to one particular system or, if
the customer has several similar systems, to a particular customer. This encrypting
key is added at system generation and may therefore be invisible to the users of the
system. In addition, for each optional feature there is a date tag used for recording
the date when the feature status was last changed, one integer identifying the feature
and one integer identifying the activation status of the feature. The two integers are
stored as encrypted values, encrypted using the site unique encoding key. One
particular feature is always identified by the same integer in all systems, but this
integer will be stored in the systems encrypted with different encrypting keys.

When a feature is to be activated, as negotiated between the vendor and the
customer, the vendor sends at least two integers to the customer, encrypted using the
same encrypting key as the one found in the customer's system. The customer enters
these integers into his system. The system decrypts the integers and performs one or
more arithmetic operations, to determine if the entry is valid, what feature should be
activated and for how long. An electronic seal may be used to confirm that the
delivery had been authorized by the vendor.

In the log, the use of features is logged together with other information about
activities that occur regularly in the system, for example about system restarts. In
this way, the log is never empty, and log entries occur regularly, unless the log or the
logging function has been tampered with. Thus, if someone tries to cheat, it will be
revealed in the log.

The invention offers the following advantages: 

The method according to the invention enables the installation of all features at an
initial installation.


The log enables the vendor to check what features the customer has used since
installation.

The log enables the vendor to check that only activated features have been used and
that all activation procedures were the result of appropriate business transactions.

The logging of routine activities together with the information about the
activation/deactivation of features allows the vendor to check if the logging function
and/or the log file has been tampered with.

The security level of the method according to the invention is such that unauthorized
activation of features will be possible if the system is tampered with. Also, no
automatic deletion or deactivation of services is foreseen. However, a logging
function allows the system vendor to identify unauthorized use of features.
Therefore, the method according to the invention is suitable for large systems or
systems with a relatively small number of customers, when the vendor and the
customer maintain contact throughout the system's lifetime.


Brief Description of the Drawings 

The invention will be described in more detail in the following, with particular
reference to the drawings, in which:

Figure 1 is a schematic representation of a computer system according to the
invention;

Figure 2 is a flowchart of the events that occur when a feature is to be activated in a
system according to the invention;

Figure 3 is a flowchart of the events that occur when someone tries to use an
optional feature in a system according to a preferred embodiment of the invention.

Detailed Description of the Embodiments 

Figure 1 is a schematic representation of a computer system according to the
invention. The system comprises a number of basic functions 1, for example an
operating system, or, in a telephone exchange, the basic switching functions and the
basic subscriber functions. The system also comprises an encrypting key 3, which is
unique to the system, and which is included when the system is manufactured. Since
the encrypting key is added at the initial system generation, it is neither logged nor
visible outside the system. However, it is known at the central managing site, from
which new features are purchased.

There are one or more optional programs and/or features F1, F2, ..., Fn within the
programs. As an example, consider an office program package containing a spread
sheet, a word processing program, and a file managing program. The word
processing program has some optional features, such as a graphics package and an
equation editor. If the customer wants only the file managing program and the basic
version word processing program, the whole package would be delivered, but the
spread sheet program, the graphics package and the equation editor would be locked,
or deactivated. Later on, if the customer wanted the graphics functions, it would
already be available without any new installation, and would only need to be
activated.

If the computer system is a telephone exchange, for example, it may include the
basic subscriber services from the beginning, but not optional features such as call
waiting and call forwarding, which may be offered to the subscribers, and which
may be wanted at a later stage.

Each optional feature F1, F2, ..., Fn comprises the feature software FSW and three
integers, encrypted with the system unique encrypting key, to be used when the
service is activated: one feature date tag FD, one feature identification number FI
and one feature activation status FA.

When a feature is to be activated, the vendor sends at least two integers to the
customer, which are to be entered into the system. For this and other purposes the
system comprises at least one input terminal 5, from which the user can enter the
integers. The system also comprises a comparison means 7 for comparing the
entered integers with the ones stored in connection with each feature. The use of
these integers is discussed in detail in the description of Figure 2. In the following
discussion of the invention, three integers will be used.

The system includes one log indicator 9 stored in such a way that it is not persistent,
for example in the random access memory (RAM). In this log indicator it is
indicated at least when a feature is used for the first time. The log records are then
written to a log 11 stored on disk, out of reach for the user, so that it cannot be
changed or erased manually, as explained in connection with Figure 3. It will not be
possible to prevent this with 100% certainty, but if attempts to change or erase the
log are made, these attempts will leave traces.




When a feature is activated, the feature identity, time of activation, activation state 
and the seal are logged. 
If the system is restarted, the log indicator 9 is erased, but the log 11 is not. When
the system is powered up or restarted, some system-specific information that is
always present and can be verified against other information sources, is checked and
stored in the log. In a preferred embodiment, the activation status, and the time and
date of the last change of status, of all optional features are registered.

Theoretically it would be possible to log every time a feature is used, but in many
cases this would make the log very big and not add any useful information. In some
cases the only point of interest, as will be discussed later, is whether or not the
customer is using a particular feature, not how many times it is used. To prevent
unauthorized persons from tampering with the file it is suggested to let the log
consist of a number of sequential files, and to use a wrap-around principle, so that
when it is full, the oldest file will be overwritten.


The system vendor may examine the log 11 at regular or irregular intervals, to verify
that only the features paid for have been used.
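
The vendor-side examination described here, sketched as an added example that is not part of the original document: it replays a copy of log 11 and reports activations with no matching transaction seal, use of features outside an authorized activation period, and silent periods in a log that should contain regular restart records. The record layout, the `issued` table of vendor transaction records and the 7-day gap threshold are assumptions.

```python
from datetime import date, timedelta

SAMPLE_LOG = [  # constructed records in an assumed layout, not from a real system
    (date(1998, 3, 1), "RESTART"),
    (date(1998, 3, 2), "ACTIVATE", 7, 30, 1001),   # feature 7, A1 = 30, seal 1001
    (date(1998, 3, 3), "USE", 7),
    (date(1998, 3, 8), "RESTART"),
    (date(1998, 3, 9), "ACTIVATE", 9, 0, 5555),    # seal unknown to the vendor
    (date(1998, 3, 10), "USE", 9),
    (date(1998, 3, 15), "RESTART"),
    (date(1998, 4, 20), "USE", 7),                 # after a long silence in the log
]
ISSUED = {1001: (7, 30)}  # vendor's own records: seal -> (feature identity, A1)


def audit(log, issued, max_gap_days=7):
    """Return (date, finding) pairs for a copy of log 11, in log order."""
    findings, active, seen_seals, prev = [], {}, set(), None
    for rec in log:
        day, kind = rec[0], rec[1]
        # Routine records should occur regularly; a long silence or a date
        # running backwards suggests the log or the logging function was altered.
        if prev is not None:
            if day < prev:
                findings.append((day, "record out of date order"))
            elif (day - prev).days > max_gap_days:
                findings.append((day, f"no records for {(day - prev).days} days"))
        prev = day
        if kind == "ACTIVATE":
            _, _, fid, a1, seal = rec
            if issued.get(seal) != (fid, a1):
                findings.append((day, f"feature {fid}: activation without matching transaction"))
            elif seal in seen_seals:
                findings.append((day, f"feature {fid}: seal {seal} used twice"))
            else:
                active[fid] = (day, a1)   # authorized activation
            seen_seals.add(seal)
        elif kind == "USE":
            fid = rec[2]
            if fid not in active:
                findings.append((day, f"feature {fid}: used without authorized activation"))
            else:
                start, a1 = active[fid]
                # A1 == 0 means permanent; otherwise the licence runs A1 days.
                if a1 != 0 and day > start + timedelta(days=a1):
                    findings.append((day, f"feature {fid}: used after licence expired"))
    return findings
```
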

The system may further comprise a table 13 for storing previously used integer 
combinations to prevent later use of the same integers. 




Figure 2 shows the events that occur when a feature is to be activated according to a
preferred embodiment of the invention. When the feature is purchased, the customer
receives at least two encrypted integers from the vendor. In a preferred embodiment
three integers I1, I2, I3 are used, which are delivered with an electronic seal. The
first two integers I1, I2 are used to identify the feature to be activated and the third
integer is used together with the other two, to determine the activation time. It will
be obvious to the person skilled in the art that the number of integers used in the
operations could be increased. The seal is unique to this business transaction, and
may for example be an integer. It is used to verify that the delivery was actually sent
from the vendor and that it has not been manipulated by anyone.
As an additional check, the identity of the feature to be activated might be specified
in connection with entering the encrypted integers.

Step 100: The three integers I1, I2, I3 are entered into the system, normally by the
customer.

Step 102: The system decrypts the two first integers I1, I2, using the system unique
decrypting key and performs an arithmetic operation on I1 and I2 to produce a new
integer I4.

Step 104: Is I4 equal to the feature identity FI? If yes, go to step 108; if no, go to
step 106.

Step 106: Register the failed attempt to activate the feature in the security log. End
procedure.

Step 108: The system decrypts the third integer I3 using the system unique
decrypting key.

Step 110: The system performs an arithmetic or Boolean operation on I3 and I4 to
produce the activation code A1.

Step 112: Is the activation code A1 equal to zero? If yes, go to step 118; if no, go to
step 114.

Step 114: If 0<A1<365, go to step 116; otherwise go to step 106.

Step 116: Activate the feature for a number of days corresponding to the value of
A1. Go to step 120.

Step 118: Activate the feature permanently. Go to step 120.

Step 120: Set the date tag to the current date and log the activation of the feature.

The security log is not necessarily a separate log, but may be part of the log 11.

The arithmetic operations in steps 102 and 104 may be the same kind of operation or
different ones. For example, an exclusive or operation may be performed on the
binary representation of the two numbers. It will be obvious to the skilled person
that any number of integers might be used in the operations. In step 120 the
activation status of the feature may be stored in a log, or in connection with each
feature.
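
The activation procedure of Figure 2, as an added example that is not part of the original document, using exclusive-or for both arithmetic operations and refusing integer combinations already recorded in table 13. The cipher (a small Feistel construction over 32-bit integers), the vendor-side `issue` function and the log record layout are assumptions; the document does not specify them, and the seal is recorded but not verified.

```python
import hashlib
import hmac

def _f(key, rnd, half):
    # Round function of the stand-in cipher: 16 bits taken from HMAC-SHA256.
    mac = hmac.new(key, bytes([rnd]) + half.to_bytes(2, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest()[:2], "big")

def encrypt(key, value):
    """Assumed stand-in for the system-unique encryption: 4-round Feistel, 32-bit."""
    left, right = (value >> 16) & 0xFFFF, value & 0xFFFF
    for rnd in range(4):
        left, right = right, left ^ _f(key, rnd, right)
    return (left << 16) | right

def decrypt(key, value):
    left, right = (value >> 16) & 0xFFFF, value & 0xFFFF
    for rnd in reversed(range(4)):
        left, right = right ^ _f(key, rnd, left), left
    return (left << 16) | right

def issue(key, fi, days, nonce):
    """Vendor side (assumed construction): integers I1, I2, I3 for feature fi."""
    return encrypt(key, nonce), encrypt(key, nonce ^ fi), encrypt(key, days ^ fi)

class System:
    def __init__(self, key, feature_ids):
        self.key = key          # encrypting key 3, added at system generation
        # FI and FA are kept encrypted; FA and the date tag FD start unset
        self.features = {encrypt(key, fi): {"FA": None, "FD": None} for fi in feature_ids}
        self.used = set()       # table 13: integer combinations already entered
        self.log = []           # log 11, here also holding the security records

    def _fail(self, today, reason):                          # step 106
        self.log.append((today, "ACTIVATION_FAILED", reason))
        return False

    def activate(self, i1, i2, i3, seal, today):
        """Steps 100-120 of Figure 2; returns True if the feature was activated."""
        if (i1, i2, i3) in self.used:
            return self._fail(today, "integers already used")
        i4 = decrypt(self.key, i1) ^ decrypt(self.key, i2)   # step 102
        feature = self.features.get(encrypt(self.key, i4))   # step 104
        if feature is None:
            return self._fail(today, "no matching feature identity")
        a1 = decrypt(self.key, i3) ^ i4                       # steps 108-110
        if not 0 <= a1 < 365:                                 # steps 112-114
            return self._fail(today, "activation code out of range")
        self.used.add((i1, i2, i3))
        feature["FA"], feature["FD"] = encrypt(self.key, a1), today  # steps 116-120
        self.log.append((today, "ACTIVATE", i4, a1, seal))
        return True
```
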

Figure 3 shows the events that take place when someone tries to use an optional
feature in the system. In the example of the computer system comprising an office
program package, this may be when someone tries to run one of the programs or,
assuming that a person is working in the word-processing program, for example at
an attempt to use the graphics part of the program. In the example of a telephone
exchange, it may be when a subscriber tries to use the call forwarding feature.

Step 150: An attempt is made to access a feature.

Step 152: The system checks if the feature has been activated, i.e. if the value of the
activation code A1 is within the allowed range (0-365). If yes, go to step 154; if no,
go to step 158.

Step 154: The system checks if the activation code A1 equals 0. If yes, go to step
160; if no, go to step 156.

Step 156: The system checks if the activation date of the feature + A1 is less than or
equal to today's date. If yes, go to step 160; if no, go to step 158.

Step 158: Access to the feature is denied. End of procedure.

Step 160: The system checks if the log indication for the feature is activated. If yes,
go to step 166; if no, go to step 162.

Step 162: The system creates a log record comprising the feature identity, activation
status and current date in the log indication found in RAM.

Step 164: The log record is stored in the log on disk.

Step 166: Access to the feature is granted. End of procedure.

After or in connection to step 158 of course the failed attempt to access the feature 
could be logged, although this is not shown in the flow chart. 

After the limited period of time has expired, it would of course be possible to
deactivate the feature again by changing the value of the activation status FA to a
number outside the allowed range (0-365). In this case, the activity in step 156 might
be omitted.

[...] possible to allow the user to test the feature a limited number of times. This could be
solved in different ways; for example, the date tag would be replaced by a field
registering the number of times the feature may be used, and a field registering how
many times the feature had actually been used. In steps 152, 154, 156, the values of
these two fields would be compared. Another possible solution would be to register
the number of times the user was allowed to use the feature in a counter field and
decrement the value of this counter field each time the feature was accessed.
CLAIMS

1 A method for control [...] and/or deactivation of programs or parts of [...]
following steps:

- Manually entering at least one integer (I1), encrypted with the same kind of
encrypting key as the one found in the computer system;
- Automatically decrypting the integer using the encrypting key;
- Automatically perform[...]
to produce at least another integer (I4) and comparing the result with a feature
identification (FI);
- If said second integer (I4) equals said feature identification (FI), performing the
following steps:
- performing another arithmetic op[...]
and at least one additional integer (I2) entered into the system, to determine the
length of the period for which the feature should be activated;
- activating the feature for the specified period of time.

2 A method according to step 1, characterized in that the following steps are
carried out by the system when an attempt to use the feature is carried out:

- checking if the feature has been activated;
- if the feature has been activated, checking if the activation is still valid;
- if the activation is still valid, granting access to the feature.

3 A method according to claim 1 or 2, characterized in that the feature identity (FI)
and the activation time (FD) are stored in a log (11) persistently stored in the system
when the activation status of the feature is changed.
4 A method according to claim 3, characterized by

- Delivering the integers (I1, I2) to the customer together with an electronic seal,
unique to the transaction;
- Storing the transaction unique seal in the log (11) when the activation status of the
feature is changed.

[...] access to the feature is granted:

- checking if there is a log record for the feature, and, if there is not, performing the
following steps:
- registering the activation of the feature in the log indication (9);
- creating a log record for the feature and storing it in the persistent log (11).

6 A method according to any of the preceding claims, characterized by including
an encryption key in the computer system at system generation.

7 A method according to any of the preceding claims, characterized in that the
computer system is a digital telephone exchange.

8 A computer system comprising one or more basic functions (1), one or more
optional programs and/or program parts (F1, F2, ..., Fn), an encrypting key (3), and
[...]
entered into the system to produce a result (I4), characterized in that each optional
program or program part (F1, F2, ..., Fn) is associated with at least one integer (FI),
stored encrypted with the encrypting key (3) and that the system comprises means
(7) for comparing the result of said at least one arithmetic operation with said at least
one integer (FI) and activating the program part if there is a match.
9 A computer system according to claim 8, comprising a log (11), stored in such a
way that it cannot be erased in normal operation and that it will remain over a
system restart, characterized in that said log (11) is adapted to comprise at least
information about the activation status (FA) of features, the time (FD) when the
activation status of the feature was last changed, the seal, if any, used in the
transaction when the activation status was changed, and information about system
restarts.

10. A computer system according to claim 8 or 9, characterized in that it comprises
a log indication file (9) stored in a non-persistent way and adapted to contain
information for each feature (F1, F2, ..., Fn) about whether or not the feature has
been used.